Trouble with OFX and my bank, Kinecta Federal Credit Union

Bill De La Vega billdlv81 at gmail.com
Tue Feb 2 14:13:42 EST 2016 

Thanks for the effort, still does not work.  I missed a hyphen initially in
the UUID but I tried again with the same result.  I give up, as I am using
the same login / password I have used since I had the account.  The same
login / password works for the bank's website, and their app.  I guess
direct access is not used by many people.

OFXHEADER:100

DATA:OFXSGML

VERSION:103

SECURITY:NONE

ENCODING:USASCII

CHARSET:1252

COMPRESSION:NONE

OLDFILEUID:NONE

NEWFILEUID:20160202110245.000


<OFX><SIGNONMSGSRQV1><SONRQ><DTCLIENT>20160202110245.000<USERID>xxxx

<USERPASS>xxxxxxx

<LANGUAGE>ENG<FI><ORG>KINECTA<FID>322278073</FI><APPID>QWIN<APPVER>2500</SONRQ></SIGNONMSGSRQV1><SIGNUPMSGSRQV1><ACCTINFOTRNRQ><TRNUID>20160202110245.000<CLTCOOKIE>1<ACCTINFORQ><DTACCTUP>19691231</ACCTINFORQ></ACCTINFOTRNRQ></SIGNUPMSGSRQV1></OFX>


Received:

-------------------------------------

OFXHEADER:100

DATA:OFXSGML

VERSION:103

SECURITY:NONE

ENCODING:USASCII

CHARSET:1252

COMPRESSION:NONE

OLDFILEUID:NONE

NEWFILEUID:20160202110245.000


<OFX>

<SIGNONMSGSRSV1>

<SONRS>

<STATUS>

<CODE>15500

<SEVERITY>ERROR

</STATUS>

<DTSERVER>20160202190254

<LANGUAGE>ENG

<FI>

<ORG>KINECTA

<FID>322278073

</FI>

</SONRS>

</SIGNONMSGSRSV1>

<SIGNUPMSGSRSV1>

<ACCTINFOTRNRS>

<TRNUID>20160202110245.000

<STATUS>

<CODE>15500

<SEVERITY>ERROR

</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>

</SIGNUPMSGSRSV1>

</OFX>



Sending:

-------------------------------------

OFXHEADER:100

DATA:OFXSGML

VERSION:103

SECURITY:NONE

ENCODING:USASCII

CHARSET:1252

COMPRESSION:NONE

OLDFILEUID:NONE

NEWFILEUID:20160202110438.000


<OFX><SIGNONMSGSRQV1><SONRQ><DTCLIENT>20160202110438.000<USERID>XXX

<USERPASS>XXXXX

<LANGUAGE>ENG<FI><ORG>KINECTA<FID>322278073</FI><APPID>QWIN<APPVER>2500<CLIENTUID>AD1F1DFD-6D564418AEB2F227918CF5A0</SONRQ></SIGNONMSGSRQV1><SIGNUPMSGSRQV1><ACCTINFOTRNRQ><TRNUID>20160202110438.000<CLTCOOKIE>1<ACCTINFORQ><DTACCTUP>19691231</ACCTINFORQ></ACCTINFOTRNRQ></SIGNUPMSGSRQV1></OFX>


Received:

-------------------------------------

OFXHEADER:100

DATA:OFXSGML

VERSION:103

SECURITY:NONE

ENCODING:USASCII

CHARSET:1252

COMPRESSION:NONE

OLDFILEUID:NONE

NEWFILEUID:20160202110438.000


<OFX>

<SIGNONMSGSRSV1>

<SONRS>

<STATUS>

<CODE>15500

<SEVERITY>ERROR

</STATUS>

<DTSERVER>20160202190439

<LANGUAGE>ENG

<FI>

<ORG>KINECTA

<FID>322278073

</FI>

</SONRS>

</SIGNONMSGSRSV1>

<SIGNUPMSGSRSV1>

<ACCTINFOTRNRS>

<TRNUID>20160202110438.000

<STATUS>

<CODE>15500

<SEVERITY>ERROR

</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>

</SIGNUPMSGSRSV1>

</OFX>

Thanks,
Bill


On Mon, Feb 1, 2016 at 6:32 PM, David Reiser <dbreiser at icloud.com> wrote:

> Hmm. If you want to grasp at straws:
>   Launch Gnucash with the logging option you used earlier
>   Update the Application Version to 2500 (might as well make it the most
> recent)
>   Change the Header Version in the same dialog from “102” to “103”
>   Back on the User Settings tab in the same dialog, paste a UUID into the
> Client UID box
>
> To get a UUID, go to the Terminal.app and type
>
> uuidgen
>
> copy the output, paste it into an editor and strip out the hyphens. Paste
> the remaining characters into  the Client UID entry.
>
> Now try a connection.
>
> The only reason this setup would work would be that Kinecta has flipped
> the switch in Intuit’s server software to require multifactor
> authentication. Quicken totally hides the Client UID from users. So Kinecta
> wouldn’t have mentioned it any time, because it isn’t on their scripts.
> However, the bank does need to do something to verify that the Client UID
> that some version of Quicken sent them does in fact belong to your copy of
> Quicken instead of someone else’s. When Chase flipped the switch in
> November, there was a note in the ofx.log saying something like “go check
> your secure email at Chase.com <http://chase.com>”. Then there was
> another hoop to jump through after logging into the web site.
>
> There is also the possibility that you’ve tripped some maximum number of
> login attempts without succeeding. Even if multifactor authentication was
> the cause, you may have to find some way to have the bank reset your
> access.
>
> Dave
> --
> Dave Reiser
> dbreiser at icloud.com
>
>
>
>
>
> On Feb 1, 2016, at 8:18 PM, Bill De La Vega <billdlv81 at gmail.com> wrote:
>
> It is set at 2200. Intuit 2013.
>
> Thanks,
> Bill
>
>
> On Mon, Feb 1, 2016 at 4:53 PM, David Reiser <dbreiser at icloud.com> wrote:
>
>> Nothing obvious there. What are you using for the Application Version?
>> (Aqbanking setup, Edit User, Application Settings tab). Anything less than
>> 2200 is probably locked out of directconnect activity under Intuit’s forced
>> obsolescence plan.
>>
>> Dave
>> --
>> Dave Reiser
>> dbreiser at icloud.com
>>
>>
>>
>>
>>
>> > On Jan 25, 2016, at 8:42 PM, Bill De La Vega <billdlv81 at gmail.com>
>> wrote:
>> >
>> > Hello I am using version 2.6.11  rev f67faa2+ on my Mac (10.10.5).  I am
>> > getting the following error when I try and setup accounts for OFX.
>> >
>> > When I setup a new user, I go through the process and the first
>> connection
>> > looks like this.
>> >
>> > 17:37:15 Retrieving SSL certificate
>> > 17:37:15 Connecting to server...
>> > 17:37:15 Using old SSL preparation code.
>> > 17:37:16 TLS: SSL-Ciphers negotiated: TLS1.2:RSA-AES-128-CBC:SHA256
>> > 17:37:16 TLS: Warning - The server has chosen unsafe SSL-Ciphers!
>> > 17:37:16 Connected.
>> > 17:38:17 Disconnected.
>> > 17:38:17 Connection ok, certificate probably received
>> > 17:38:17 Operation finished, you can now close this window.
>> >
>> > For the next step, when I try and retrieve the accounts list, I get the
>> > following.
>> >
>> > 17:39:12 Sending request...
>> > 17:39:12 Using old SSL preparation code.
>> > 17:39:13 TLS: SSL-Ciphers negotiated: TLS1.2:RSA-AES-128-CBC:SHA256
>> > 17:39:13 TLS: Warning - The server has chosen unsafe SSL-Ciphers!
>> > 17:39:13 Waiting for response...
>> > 17:39:13 Parsing response...
>> > 17:39:13 Parsing response
>> > 17:39:13 Status for signon request: Signon invalid (Code 15500, severity
>> > "ERROR")
>> > The user cannot signon because he or she entered an invalid user ID or
>> > password.
>> > 17:39:13 Status for account info request: Signon invalid (Code 15500,
>> > severity "ERROR")
>> > The user cannot signon because he or she entered an invalid user ID or
>> > password.
>> > 17:39:13 Operation finished, you can now close this window.
>> >
>> > I have tried using my pin instead of my password, I get the same
>> result.  I
>> > have confirmed that I can access my account using the same credentials
>> via
>> > the bank's website.
>> >
>> > When I contacted the bank, they said they don't support gnu cash (no
>> > surprise there).  From what I have read so far online, several people
>> claim
>> > to be able to access this bank.  If I try and add an account manually, I
>> > get the same type of error.
>> >
>> > Thanks,
>> > Bill
>> > _______________________________________________
>> > gnucash-user mailing list
>> > gnucash-user at gnucash.org
>> > https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> > -----
>> > Please remember to CC this list on all your replies.
>> > You can do this by using Reply-To-List or Reply-All.
>>
>>
>
>

More information about the gnucash-user mailing list